Silent Circle – Military Level Encryption Brought to Your Phone

by October 17, 2012 10/17/12

My phone started to ring. Was it really who I thought it was? The display said that the connection was secure but I had to be certain. We verbally verified that we were seeing the same two random words (secure authentication string) on our phones.

“skydive amulet”

The green “Secure” text appeared so we knew there was no one listening. This technology isn’t just for spooks. This is a $20 a month service you can sign up for today.

Yesterday, an app for the iPhone (Android coming soon) was released that promised to protect your privacy when calling and sending texts. Silent Circle uses TLS and ZRTP protocols to encrypt packets of your phone call across the Internet making each call secure.

It costs $20 a month (with different plans available) and all of the data from your phone goes through a custom built encrypted network, the Silent Network, providing you with a secure line.  Check out their site for a full rundown on the capabilities of the Silent Network.

The Silent Phone app handles the call side while Silent Text app encrypts and secures your text messages. In the Silent Text app, you’re even able to set a duration for the visibility of that specific text. Once it hits the time you designate, the message “burns” and disappears.

Silent Circle is  careful to spell out what they do and don’t do. Of course, it’s worth noting that you have to use your best judgement when using the apps. If you are in a public place, people can still eavesdrop on your conversation.

While we are still trying out the app, the one thing that caught my eye is that the iOS app isn’t made for the larger screen of the iPhone 5. That’s probably just a problem for early adopters but it’s something I noticed right off the bat.

Does it Really Work?

While we consider ourselves a fairly techy crew at ITS, some of the specifics with this app and network are a bit foreign to us. We asked someone with more security knowledge to weigh in on Silent Circle:

“It’s a proprietary system, which means that nobody knows the real workings of it. The only choice is to trust that the company does what they claim they do, never makes any mistakes and always does the right thing. For a piece of software that is just a fun toy, that may ok, but for security software, it’s unacceptable.” As the Free Software Foundation said, “Proprietary security software is an oxymoron — if the user is not fundamentally in control of the software, the user has no security.” [0]

Furthermore: “In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.”[1]

[0] https://www.fsf.org/blogs/community/dear-microsoft-fsf.org-is-not-a-gambling-site
[1] https://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity

 

Until we get some further time behind this app to test it, we leave you with this appropriate web comic from XKCD:

Update: Some questionable practices have been brought up that are worth your time to read. Follow along through this comment thread on GitHub for the back and forth conversation.


Are you getting more than 14¢ of value per day from ITS Tactical?

Please consider joining our Crew Leader Membership and our growing community of supporters.

At ITS Tactical we’re working hard every day to provide different methods, ideas and knowledge that could one day save your life. Instead of simply asking for your support with donations, we’ve developed a membership to allow our readers to support what we do and allow us to give you back something in return.

For less than 14¢ a day you can help contribute directly to our content, and join our growing community of supporters who have directly influenced what we’ve been able to accomplish and where we’re headed.

Click here to learn about all the benefits and Join!


vinthewrench
vinthewrench

silent text 1.5 is now available on app store

Numerous improvements and additional functions

Send ANY business attachment - Excel, Powerpoint, Pages, PDF, Word, Keynote, CAD drawings

Send Map location as well as location within images and videos

Send photos, videos, audio recordings and URL Links

Send calendar invites and contacts

Make encrypted Silent Phone calls from within Silent Text

Redaction - allows full control of messages you've sent

Manually burn on both devices simultaneously

Allows renaming device

Forwards content from other iOS apps

Works across multiple devices

vinthewrench
vinthewrench

silent text 1.5 is now available on app store Numerous improvements and additional functions Send ANY business attachment - Excel, Powerpoint, Pages, PDF, Word, Keynote, CAD drawings Send Map location as well as location within images and videos Send photos, videos, audio recordings and URL Links Send calendar invites and contacts Make encrypted Silent Phone calls from within Silent Text Redaction - allows full control of messages you've sent Manually burn on both devices simultaneously Allows renaming device Forwards content from other iOS apps Works across multiple devices

NJS
NJS

iPhone offers similar voice transformation programs, but I've not tested them. Voice transformation technology in general will be good within a few years, in fact, it can work better if the voice user mimics the target voice to start.

Unknown
Unknown

Well ,Vince . What can I say besides the fact that I am aware about silent circle and history that's associated with pop. Please , do understand that I'm not pulling false intel out my ass . It's not that I don't trust your op . It's the fact it's running on iOS . There is a lot of history of any digital ecosystem being compromised . Android , ios and blackberry .Also be aware of the fact of companies selling the encryption hosts or at least cases to the to third parties . A simple fact that is less publicized . I honestly do not know if legion is qualified to do stress testing on those modules . Myself on the other hand , I'm not going to confirm or deny that .

NJS
NJS

In the near future, when voice mimicry technology is perfected, the problems of insecure phone conversation will be so tremendous that the need for services like Silent Circle will apply to everyone.

Your voice is something you are, a call that sounds like you but is not you is a threatening thing.

Worrying about large-scale monitoring of encrypted communications is totally valid, but have you considered whether ordinary folks who trust their everyday phone communications are authentic or secret need that trust validated a bit differently? A boy who calls up Grandma to discuss Grandma's cookie recipe is not hurt by the government stealing the recipe, but he can be hurt if:

* Grandma hears the boy insult the recipe.

* Grandma hears the details of the conversation from neighbors unexpectedly.

* The boy's call goes through to someone or something that is not Grandma but sounds like her.

While it's true that zerzetsen tactics *could* be employed by the government to add unhappiness to grandmom's relationship with her grandkid, it's the bullying classmate who's more likely to go after the boy that way.

Consider how a bully would want:

* ability to feign identity, particularly using media (voice, phone)

* access to confidential communications and event information (what people "wouldn't bother" to spy on).

* a network of cronies who tend to relay what she communicates.

A bully's flexibility to act comes from 3 areas of uncertainty:

* whether recordings or speakers are genuine or false

* whether her innuendo implies additional knowledge beyond what she shares

* whether others, usually intimates or friends of her current target, are involved in informing her network or supporting her abuse (of her target, e.g., me).

You can see how a service that worked for "everyday folks" would neutralize one problem, at least, the problem of whether calls are secure and come frome the devices they seem to come from. It's handy for protecting from small conspiracies. Usually people say, "Oh, why bother, who would do that?" My answer is that a lot of bullies would do that, if they realized that they could, and if they understood how to exploit the consequences. These days, increasingly, people want to participate in bullying of others, it's a less pleasant world we live in, protecting the ordinary good life requires more armor. A service like Silent Circle, if it's any good, is more armor.

NJS
NJS

In the near future, when voice mimicry technology is perfected, the problems of insecure phone conversation will be so tremendous that the need for services like Silent Circle will apply to everyone. Your voice is something you are, a call that sounds like you but is not you is a threatening thing. Worrying about large-scale monitoring of encrypted communications is totally valid, but have you considered whether ordinary folks who trust their everyday phone communications are authentic or secret need that trust validated a bit differently? A boy who calls up Grandma to discuss Grandma's cookie recipe is not hurt by the government stealing the recipe, but he can be hurt if: * Grandma hears the boy insult the recipe. * Grandma hears the details of the conversation from neighbors unexpectedly. * The boy's call goes through to someone or something that is not Grandma but sounds like her. While it's true that zerzetsen tactics *could* be employed by the government to add unhappiness to grandmom's relationship with her grandkid, it's the bullying classmate who's more likely to go after the boy that way. Consider how a bully would want: * ability to feign identity, particularly using media (voice, phone) * access to confidential communications and event information (what people "wouldn't bother" to spy on). * a network of cronies who tend to relay what she communicates. A bully's flexibility to act comes from 3 areas of uncertainty: * whether recordings or speakers are genuine or false * whether her innuendo implies additional knowledge beyond what she shares * whether others, usually intimates or friends of her current target, are involved in informing her network or supporting her abuse (of her target, e.g., me). You can see how a service that worked for "everyday folks" would neutralize one problem, at least, the problem of whether calls are secure and come frome the devices they seem to come from. It's handy for protecting from small conspiracies. Usually people say, "Oh, why bother, who would do that?" My answer is that a lot of bullies would do that, if they realized that they could, and if they understood how to exploit the consequences. These days, increasingly, people want to participate in bullying of others, it's a less pleasant world we live in, protecting the ordinary good life requires more armor. A service like Silent Circle, if it's any good, is more armor.

Pk
Pk

Third time is a charm! Now even shorter! ;-)

I think your security professional meant to say "closed source" - there is a big difference between just being closed source and also being proprietary. Silent Circle has used open and peer reviewed algorithms and protocols including ZRTP, PGP, S/MIME, OTR, and TLS. The validation of the implementations can be done w/o source or they can also option for a review from organizations like Veracode (which they may have). It's clear Silent Circle 1) is doing more due diligence than most counterparts including most FOSS projects and 2) intends to open what makes sense to open as noted officially at https://twitter.com/Silent_Circle/statuses/256753739191418880.

There is also the small matter of potential conflicts and Legal wrangling around Apple's own T&Cs as others have experienced (see: http://opensourcedelivers.com/2011/09/13/lgpl-the-apple-app-store-no-easy-solutions/).

Two of the core founders of Silent Circle have industry PROVEN records of secure design, readily receptive to criticism, community practice, fighting Government overreach.. FOSS does not mean secure or even having ever had been reviewed. Oddly the calls for RedPhone and TextSecure neglect to mention they were closed source for quite some time before being released.

Additionally the criticism about about Silent Circle servers is misleading - SC ~does~ offer the option of letting them do key-management which they then also note is not as secure and may end up being compelled under Government request to be handed over. So they offer multiple levels of security for the end-user to determine risk and practice for themselves.

The rush to judgement increasingly comes from what I call the "Western Promises" tech-savvy groups that neglect to consider the limited userbase of existing solutions and the difficulties of use. Silent Circle has, thusfar, demonstrated good practice, good faith, and ready availability. We should support these developments when commercial interests meet the community at "ground level" so well.

Silent Circle deserves the benefit of the doubt (for now), and as they've said, the savvy core groups can interoperate with Silent Circle customers. -Pk

Pk
Pk

Third time is a charm! Now even shorter! ;-) I think your security professional meant to say "closed source" - there is a big difference between just being closed source and also being proprietary. Silent Circle has used open and peer reviewed algorithms and protocols including ZRTP, PGP, S/MIME, OTR, and TLS. The validation of the implementations can be done w/o source or they can also option for a review from organizations like Veracode (which they may have). It's clear Silent Circle 1) is doing more due diligence than most counterparts including most FOSS projects and 2) intends to open what makes sense to open as noted officially at https://twitter.com/Silent_Circle/statuses/256753739191418880. There is also the small matter of potential conflicts and Legal wrangling around Apple's own T&Cs as others have experienced (see: http://opensourcedelivers.com/2011/09/13/lgpl-the-apple-app-store-no-easy-solutions/). Two of the core founders of Silent Circle have industry PROVEN records of secure design, readily receptive to criticism, community practice, fighting Government overreach.. FOSS does not mean secure or even having ever had been reviewed. Oddly the calls for RedPhone and TextSecure neglect to mention they were closed source for quite some time before being released. Additionally the criticism about about Silent Circle servers is misleading - SC ~does~ offer the option of letting them do key-management which they then also note is not as secure and may end up being compelled under Government request to be handed over. So they offer multiple levels of security for the end-user to determine risk and practice for themselves. The rush to judgement increasingly comes from what I call the "Western Promises" tech-savvy groups that neglect to consider the limited userbase of existing solutions and the difficulties of use. Silent Circle has, thusfar, demonstrated good practice, good faith, and ready availability. We should support these developments when commercial interests meet the community at "ground level" so well. Silent Circle deserves the benefit of the doubt (for now), and as they've said, the savvy core groups can interoperate with Silent Circle customers. -Pk

Bryan Black
Bryan Black

To everyone that left a comment prior to 13:30 today on this post. We had a database optimization run and it wiped a few pending comments. Please leave them again and we apologize for the inconvenience, thanks!

My name is Legion
My name is Legion

Silent Circle is crap.

Here's what we REALLY need: A PEER-to-PEER smartphone app that, when prompted, generates a public encryption key, and exchanges it, with a peer, via extremely short range technologies (~.5 meter).

The key is associated in the Contacts database with a specific phone number and used to encrypt all those calls. A new key can be generated at will.

Easy-peasy!

There are only BAD reasons for Silent Circle to insinuate its servers into the encryption equation - trust me.

My name is Legion
My name is Legion

Silent Circle is crap. Here's what we REALLY need: A PEER-to-PEER smartphone app that, when prompted, generates a public encryption key, and exchanges it, with a peer, via extremely short range technologies (~.5 meter). The key is associated in the Contacts database with a specific phone number and used to encrypt all those calls. A new key can be generated at will. Easy-peasy! There are only BAD reasons for Silent Circle to insinuate its servers into the encryption equation - trust me.

vinthewrench
vinthewrench

Unknown, you should reach out to me and let me know what I can do to address these concerns.

Bryan Black
Bryan Black

So a few more got approved and removed accidentally once again. I'm truly sorry for the trouble everyone! Our server has been getting slammed today and some database changes aren't playing nice. I assure everyone we're not trying to censor your comments! Thanks for your patience and support.

vinthewrench
vinthewrench

umm, no, you are incorrect.

The keys ephemeral (look up how ZRTP works). the contacts database have nothing to do with the keys. The servers only pass encrypted information around, they have no access to the clear text.

The code will be released to open source as soon as Silent Circle can get around to it.

Joe Questionable
Joe Questionable

Legion,

My understanding (from conversations with one of the engineers at Silent Circle), is that this DOES do virtually exactly what you just said. End-to-end encryption, with ephemeral keys generated on the clients (i.e. iPhone), not the Silent Circle servers.

The issue of closed vs open vs reviewed-by-some-authority source code still remains to be seen, but I understand they have this in the works as well. Probably the investors wanted this to market ASAP. I do hope for their sake that not delaying until after some trusted third party reviewed the code does not hinder their market's reception.

Unkown
Unkown

Encryption on a closed ecosystem is comical at best . In reality it simply does not work . Meaning whats the point of putting new locks in if you keep your windows open at night . You want security on your comm lines ? Loose the ios,android and ,or your beloved blackberry . The same words would apply to CDMA. Most civilized human being would not do that . Encryption that's based on a proprietary system is nothing more that smoke and mirrors . Collecting so called encrypted data , then selling that intel to the highest bidder is probably good money on the side . Running a encrypted P2P with a .5 meter range ? My dear Legion , there are two big problems with that . One you are thinking of a digital dead drop that could not exist in real life . Though the concept, does sound lovely .Two , you better off using two cups and a string and calling it encryption . Anonymous p2p setups can be compromised , that's a fact . Running a secure comm line via a data connection for voice .is a worthless idea .

vinthewrench
vinthewrench

umm, no, you are incorrect. The keys ephemeral (look up how ZRTP works). the contacts database have nothing to do with the keys. The servers only pass encrypted information around, they have no access to the clear text. The code will be released to open source as soon as Silent Circle can get around to it.

Joe Questionable
Joe Questionable

Legion, My understanding (from conversations with one of the engineers at Silent Circle), is that this DOES do virtually exactly what you just said. End-to-end encryption, with ephemeral keys generated on the clients (i.e. iPhone), not the Silent Circle servers. The issue of closed vs open vs reviewed-by-some-authority source code still remains to be seen, but I understand they have this in the works as well. Probably the investors wanted this to market ASAP. I do hope for their sake that not delaying until after some trusted third party reviewed the code does not hinder their market's reception.

NJS
NJS

You handle authentication of the sender and security of the connection, not security of the device receiving the message. On the receiving end, another listener in the environment or a side-channel attack can capture the message, and anyone running malware on the device can capture or transform the message. If Silent Circle verified that the device user is also the device owner of the device containing your encryption keys (in the dual-subscriber, peer-to-peer scheme), that would be somewhat helpful, if the Silent Circle scheme improved on what devices already offer. Hopefully voice biometrics will never be the chosen scheme.

Two other problems are:

* impersonation accounts

* devices added to hacked accounts

I’m not sure how Silent Circle guarantees device ownership when devices are registered, or the identity of users who create accounts, but if it is the typical means, of a phone call and voicing the last digits of a credit card number, that’s not adequate to protect users.

**warning: a rant follows**

Of the four means of mimicking voice:

1. direct imitation

2. recording manipulation

3. real-time digital voice transformation

4. digital voice production (e.g. Festvox: TRANSFORM)

Imitation and cut-and-pasted recordings are the simplest for people to use now. By the middle of high school, a motivated social engineer should be capable of using all four methods. As the technology develops, the ability to mimic voices will be available to more people with lesser abilities.

The next hurdles for successful voice forgery are:

* choice of words, especially the mannerisms of the mimicked person

* information content of the verbalizations

Even when voice mimicry technology allows a 5 year old to sound exactly like their father, he won’t be able to convince the kindergarden teacher to let him stay home, because he won’t choose the words or speak with the knowledge of his father. This will rule out voice transformation for him, and voice production as well, at least until voice production systems can independently create voice profiles that include the voice mannerisms of his father. Obviously, voice imitation won’t work, but voice recording can, if the software assists the little boy in recording his father and controlling the call to the kindergarden teacher in which the recording is transmitted.

Malicious use of voice forgery can impact others’:

* specific decisions

* relationships or their trust levels

* emotions

* stress-level

Furthermore, even if the true source of a forged call is known, the information contained in the call can raise harmful doubts or feelings in the listener about someone other than the source, particularly when false recordings or clever innuendo is used to lead a person’s thinking and precipitate a problem. For example, a call to the kindergarden teacher spoken in the words of the 5-year old boy, but containing information that the teacher is led to believe came from the boy’s father, such as, “Daddy thinks you have a nice … never mind.” can become a powerful attack on the father and teacher or their relationship, depending on the culture and communication trust between father and teacher. It could instead hurt the child if the call was faked in the child’s voice.

Silent Circle technology offers the assurance that a message is being transmitted from one device to another that is private and unchanged during transmission. Could Silent Circle apps be written to prevent use of another app running on the device that changes microphone input before the Silent Circle app processes it? I’m thinking of a windows application currently available online that offers real-time profile-based voice transformation for use with Skype. How hard would it be to prevent the use of similar technology with Silent Circle? I'm not mentioning the name of the technology because I've tested it, and used as prescribed, it's not very good. In a few years, though, it will be.

NJS
NJS

You handle authentication of the sender and security of the connection, not security of the device receiving the message. On the receiving end, another listener in the environment or a side-channel attack can capture the message, and anyone running malware on the device can capture or transform the message. If Silent Circle verified that the device user is also the device owner of the device containing your encryption keys (in the dual-subscriber, peer-to-peer scheme), that would be somewhat helpful, if the Silent Circle scheme improved on what devices already offer. Hopefully voice biometrics will never be the chosen scheme. Two other problems are: * impersonation accounts * devices added to hacked accounts I’m not sure how Silent Circle guarantees device ownership when devices are registered, or the identity of users who create accounts, but if it is the typical means, of a phone call and voicing the last digits of a credit card number, that’s not adequate to protect users. **warning: a rant follows** Of the four means of mimicking voice: 1. direct imitation 2. recording manipulation 3. real-time digital voice transformation 4. digital voice production (e.g. Festvox: TRANSFORM) Imitation and cut-and-pasted recordings are the simplest for people to use now. By the middle of high school, a motivated social engineer should be capable of using all four methods. As the technology develops, the ability to mimic voices will be available to more people with lesser abilities. The next hurdles for successful voice forgery are: * choice of words, especially the mannerisms of the mimicked person * information content of the verbalizations Even when voice mimicry technology allows a 5 year old to sound exactly like their father, he won’t be able to convince the kindergarden teacher to let him stay home, because he won’t choose the words or speak with the knowledge of his father. This will rule out voice transformation for him, and voice production as well, at least until voice production systems can independently create voice profiles that include the voice mannerisms of his father. Obviously, voice imitation won’t work, but voice recording can, if the software assists the little boy in recording his father and controlling the call to the kindergarden teacher in which the recording is transmitted. Malicious use of voice forgery can impact others’: * specific decisions * relationships or their trust levels * emotions * stress-level Furthermore, even if the true source of a forged call is known, the information contained in the call can raise harmful doubts or feelings in the listener about someone other than the source, particularly when false recordings or clever innuendo is used to lead a person’s thinking and precipitate a problem. For example, a call to the kindergarden teacher spoken in the words of the 5-year old boy, but containing information that the teacher is led to believe came from the boy’s father, such as, “Daddy thinks you have a nice … never mind.” can become a powerful attack on the father and teacher or their relationship, depending on the culture and communication trust between father and teacher. It could instead hurt the child if the call was faked in the child’s voice. Silent Circle technology offers the assurance that a message is being transmitted from one device to another that is private and unchanged during transmission. Could Silent Circle apps be written to prevent use of another app running on the device that changes microphone input before the Silent Circle app processes it? I’m thinking of a windows application currently available online that offers real-time profile-based voice transformation for use with Skype. How hard would it be to prevent the use of similar technology with Silent Circle? I'm not mentioning the name of the technology because I've tested it, and used as prescribed, it's not very good. In a few years, though, it will be.

Unknown
Unknown

Vince , I am sorry but I cannot assist you on this . A, I do not work with the private sector . B, what ever stuff I assist in developing stays with my team . C, even if I wanted to assist , my superiors would never approve of this stuff . Even if it was on my own time . Sorry jefe . Hope you understand .

Unknown
Unknown

If the VP of engenering himself, says that we are wrong . Then, we must be wrong . Btw Vince .... If you don't mind me asking. What's the timeframe for that release ? Would your company allow for an independent stress test of silent circle ?

vinthewrench
vinthewrench

the device is an iPhone. not a windoze box

vinthewrench
vinthewrench

we are working to release the sources, unlike the days back we WE did it originally (take a second and research who Silent Circle is) with PGP, so much of the code these days is locked up in licensing. As soon as we can get all the various vendors to allow us we will make the code available (most likely on github).

If I cant get everyone to let go quick enough, we will at least put out the crypto modules and some docs on how it works. We have no plans to hide anything.

we have had strong involvement with independent third party security testers all along and will release their reports also.

Assuming that Unknown and Legion are all well qualified to review the sources, is there anything else that you all would require to make you feel more comfortable?

vinthewrench
vinthewrench

we are working to release the sources, unlike the days back we WE did it originally (take a second and research who Silent Circle is) with PGP, so much of the code these days is locked up in licensing. As soon as we can get all the various vendors to allow us we will make the code available (most likely on github). If I cant get everyone to let go quick enough, we will at least put out the crypto modules and some docs on how it works. We have no plans to hide anything. we have had strong involvement with independent third party security testers all along and will release their reports also. Assuming that Unknown and Legion are all well qualified to review the sources, is there anything else that you all would require to make you feel more comfortable?

The Latest
Squawk Box

We just received our Silver Play Button plaque from YouTube for surpassing 100,000 subscribers on our YouTube channel! A huge shout out to all of you that made this possible! It’s a major award and we’re extremely proud to hang this on our wall. Here’s to the next 100,000!

6 hours ago
Leave a Comment

ITS is proud to have helped sponsor a Military Appreciation Night that our local NAHL Hockey Team, the Lone Star Brahamas, are skating in on Wednesday November, 26th. The team will be wearing these special edition jerseys that feature a new ITS Military Appreciation design that’s placed directly over the fight strap location.

The ITS Crew will be hanging out at the game that night so keep an eye out for us and come say hi if you’ll be there! Who knows what a fight strap on a hockey jersey is for?

9 hours ago
Leave a Comment

Designed in house at ITS and built by our friends at Bombsquad Longboarding, a local skate shop here in TX, the ITS Threeper Skate Decks are great for sliding, pools, bowls and all around street riding.

9 hours ago
Leave a Comment